Major Security Upgrade for 2019

Speed and security are vital aspects of our service and we are always looking for ways to improve both. Our latest update to our e-mail system delivers just that – enhanced security and increased speed. It is important that you always keep your software up to date to get full advantage of the latest improvements

A bit of technical background

SSL (‘secure sockets layer’) is the technology that websites use to handle your personal and financial details when you interact with them. It does this by sending 'certificates' with each interaction.

(Technically for some years the technology called SSL has been obsoleted and the current standard is called TLS. However, there is huge inertia around the original name and here we use SSL to refer to both technologies)

You may be interested to know that secure websites are identified by the ‘s’ in the web address, e.g. https://www.santander.co.uk and/or often a padlock symbol to the left of the search bar.

A bit more technical background

SSL certificates have traditionally been relatively huge, at least as far as satellite services are concerned. Typical certificates are 4,096 bits in size and frequently there will be several of these needing to be exchanged over several round-trips back and forth with the remote side.

The sizes of the data to transfer might be around 5KB to send the certificates, but when you have an Iridium satellite phone and a maximum speed of 18KB per minute, then these numbers are significant!

Even on the faster and cheaper satellite systems which are typically 50 times faster and much cheaper to run, the costs quickly add up and simply making 10 connections (eg to send 10 emails) could cost $1 or so.

What did we do?

There are two main changes we have been pushing across our technology stack:

Firstly we have switched to smaller SSL certificates using "elliptic curve" encryption. This is not a particularly new technology, and most security boffins think it's actually more secure than the older (larger) certificate encryption, but for various reasons its simply not been possible to purchase commercial ECC SSL certificates until recently.

The effect is quite dramatic. Certificates drop in size from 4,096 -> 256 bits! So this is a 16 time decrease in certificate size.

This should give an automatic reduction in data usage for anyone with a modern web browser or email program. However, we do still need to support those with antique software, so we automatically fall back and serve the old style certificates if your software is too old.

The second change is reducing the number of round trips to setup these secure connections. Modern software can "remember" cache details of the encrypted link after it's been setup. So when you revisit (eg sending two emails one after the other) your computer can abbreviate the setup process and the whole process happens more quickly and using less data.

This will always be seamless to you, but it's another reason to keep your software up to date to get full advantage of the latest improvements

Important for you to know

In layman's terms, our recent changes are significant as they both provide greater security and an acceleration in speed for our customers! It is important that you always keep your software up to date to get full advantage of the latest improvements